Edit Virus Alert

Panda Sofware Issues RED ALERT: Mydoom.B Variant of the Mydoom worm Glendale, CA - January 28, 2004 - Even though incidents caused by Mydoom.A.worm are still on the rise, PandaLabs has already detected variant B of this worm: Mydoom.B.worm. This new variant is even more dangerous than its predecessor, as it is designed to prevent several antivirus programs from updating correctly. This, nevertheless, does not affect Panda Software antivirus solutions. • It is designed to prevent many antivirus programs from updating correctly, although this doesn’t affect Panda Software antivirus solutions. • It is particularly dangerous for corporate networks of any size, as it can saturate them. • Although very similar to its predecessor, Mydoom.B.worm has been programmed to launch denial of service attacks on the Microsoft Corporation servers. • Mydoom.A.worm has infected seven times more computers than Bugbear.B, the second virus most frequently detected by Panda ActiveScan • Panda Software clients are advised to update their antivirus programs, as the company has already made the updates to its products available to them to ensure their solutions can detect and eliminate this new virus. • Similarly, users can also use the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com/ Like Mydoom. A, the new worm is designed to attack and saturate networks of any size. To do this, it searches e-mail addresses in the Outlook Address Book as well as in computer files with the extensions: .htm, .sht, .php, .asp, .dbx, .tbb, .adb, .pl, .wab, .txt. Then, the worm uses its own SMTP engine to send itself by e-mail. Mydoom.B.worm also spreads via KaZaA. Mydoom.B.worm also modifies the Windows hosts file. By doing this, it manages to redirect certain Internet addresses -including those of several antivirus vendors – so that, when users try to access them, the Internet browser shows an error message indicating that the page could not be found. In this way, it prevents several antivirus programs from updating properly. Unlike Mydoom.A, this new malicious code has been designed to launch DoS (Denial of Service) attacks against the Microsoft Corporation servers. Panda Software has already made the updates to its products available to its clients to ensure their solutions can detect and eliminate Mydoom.B. Even though Panda Software’s products can be automatically updated every day, those whose software is not configured to update automatically, should update their solutions from http://www.pandasoftware.com/. Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com/. Finally, the epidemic caused by the Mydoom.A worm shows no signs of cooling. The number if infected e-mails that are in circulation is continuously increasing, which means that the possibility of becoming infected by Mydoom.A is still very high. Mydoom.A.worm infection rate is seven times that of Bugbear.B, the second virus most frequently detected by the online antivirus Panda ActiveScan. Everything seems to indicate that the writer or writers of these two worms aim at putting as many copies of their creations as possible in circulation. In this way, on the dates when the denials of service attacks are set to occur, there will be more possibilities for these to be successful. Detailed technical information on Mydoom.A.worm and Mydoom.B.worm is available from Panda Software’s Virus Encyclopedia. About PandaLabs On receiving a possibly infected file, Panda Software's technical staff gets right to work. The file is analyzed and depending on the type, the action taken may include: disassembly, macro scanning, code analysis etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users. For more information: Alan Wallace